Trend Micro researches have predicted that this year, cybercriminals will continue to take advantage of Covid-19-related effects and incidents — such as people’s reliance on online purchases and e-services and the increased need for financial assistance — in order to bait victims and steal critical information. Even though new ways of stealing information regularly arise, tried-and-tested ones are still being actively utilized. We discuss the behaviors and external indicators of some phishing campaigns that we observed from the latter part of December 2020 to the first weeks of January 2021. These campaigns highlight the inclusion of fake online payment forms with the goal of stealing financial information more efficiently.
In one campaign, we saw how malicious actors lured victims with a fake sweepstakes giveaway (winneragent[.]com/usr/register). On the top part of the page, a countdown timer can be seen alongside a message claiming that because of “great media attention,” the sweepstakes queue will end after a certain number of hours. This aims to create a fake sense of urgency in potential victims.
Source: Trend Micro